TITLE:
Microsoft Various Products PNG Image Parsing Vulnerabilities

SECUNIA ADVISORY ID:
SA14174

VERIFY ADVISORY:
http://secunia.com/advisories/14174/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Microsoft Windows XP Professional
http://secunia.com/product/22/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows Millennium
http://secunia.com/product/14/
Microsoft Windows 98 Second Edition
http://secunia.com/product/13/
Microsoft Windows 98
http://secunia.com/product/12/

SOFTWARE:
Microsoft MSN Messenger 6.x
http://secunia.com/product/1902/
Microsoft Windows Messenger 5.x
http://secunia.com/product/40/
Microsoft Windows Media Player 9.x
http://secunia.com/product/1085/

DESCRIPTION:
Two vulnerabilities have been reported in various Microsoft products, which can be exploited by malicious people to compromise a vulnerable system.

1) Microsoft has acknowledged a vulnerability in Windows Messenger and MSN Messenger when processing PNG image files. This can be exploited to execute arbitrary code on a user's system via a specially crafted PNG image file.

For more information:
SA12219

2) A variant of the first vulnerability exists in Windows Media Player when processing PNG image files containing extremely large width and height values. This can be exploited to execute arbitrary code on a user's system via a specially crafted PNG image when the user e.g. visits a malicious web site.

SOLUTION:
Apply patches.

Windows Media Player 9 Series (running on Windows 2000, Windows XP SP1, or Windows Server 2003):
http://www.microsoft.com/downloads/details.aspx?FamilyId=A52279DC-3B6C-4720-8192-45657EDBB14F

Windows Messenger 5.0 (standalone version):
http://www.microsoft.com/downloads/details.aspx?FamilyID=A8D9EB73-5F8C-4B9A-940F-9157A3B3D774

Microsoft MSN Messenger 6.1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=EBE898D8-FE1C-4A5E-993C-5FAB3E62C925

Microsoft MSN Messenger 6.2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=EBE898D8-FE1C-4A5E-993C-5FAB3E62C925

Windows Messenger 4.7.0.2009 (running on Windows XP SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=E3DC209B-AD57-49E1-BB90-6FA2CA8763A6

Windows Messenger 4.7.0.3000 (running on Windows XP SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=1DCC9628-E2D0-496F-B4F2-3AFEFA0A0156

Windows 98, Windows 98 SE, and Windows ME:
An update is available via Windows Update.

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Carlos Sarraute of Core Security Technologies for reporting the vulnerability in MSN Messenger.
2) Reported by vendor.

ORIGINAL ADVISORY:
MS05-009 (KB890261):
http://www.microsoft.com/technet/security/bulletin/ms05-009.mspx

OTHER REFERENCES:
SA12219:
http://secunia.com/advisories/12219/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.
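Item 2 of the DESCRIPTION concerns PNG files with extremely large width and height values. The following is an added example, not code from Secunia or Microsoft, of a decoder-side check that validates the IHDR chunk before any buffer is sized from it. The function name png_check_ihdr and the limits MAX_DIM and MAX_BYTES are assumptions chosen for illustration; chunk CRCs and interlacing are not handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed policy limits; not taken from the advisory or from any vendor fix. */
#define MAX_DIM   16384u                  /* largest accepted width or height */
#define MAX_BYTES (256u * 1024u * 1024u)  /* largest accepted decoded size */

static uint32_t be32(const uint8_t *p) {  /* PNG integers are big-endian */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Samples per pixel for each PNG colour type; 0 marks an invalid type. */
static unsigned channels(uint8_t ct) {
    switch (ct) {
    case 0: case 3: return 1;  /* greyscale, palette index */
    case 4: return 2;          /* greyscale + alpha */
    case 2: return 3;          /* truecolour */
    case 6: return 4;          /* truecolour + alpha */
    default: return 0;
    }
}

/* Returns 0 and stores the non-interlaced decoded size, or -1 to reject. */
int png_check_ihdr(const uint8_t *buf, size_t len, uint64_t *out_bytes) {
    static const uint8_t sig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
    if (len < 8 + 8 + 13) return -1;  /* signature + chunk header + IHDR data */
    if (memcmp(buf, sig, 8) != 0) return -1;
    if (be32(buf + 8) != 13 || memcmp(buf + 12, "IHDR", 4) != 0) return -1;
    uint32_t w = be32(buf + 16), h = be32(buf + 20);
    uint8_t depth = buf[24], ct = buf[25];
    unsigned ch = channels(ct);
    if (ch == 0) return -1;
    if (depth != 1 && depth != 2 && depth != 4 && depth != 8 && depth != 16) return -1;
    if ((ct == 3 && depth == 16) || ((ct == 2 || ct == 4 || ct == 6) && depth < 8)) return -1;
    if (w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM) return -1;
    /* 64-bit math: with the bounds above these products cannot wrap. */
    uint64_t row = ((uint64_t)w * ch * depth + 7) / 8 + 1;  /* +1 filter byte per row */
    uint64_t total = row * h;
    if (total > MAX_BYTES) return -1;
    *out_bytes = total;
    return 0;
}

int main(void) {  /* constructed sample header: 64x32, 8-bit RGBA */
    const uint8_t s[29] = {0x89,'P','N','G','\r','\n',0x1a,'\n',0,0,0,13,'I','H','D','R',0,0,0,64,0,0,0,32,8,6,0,0,0};
    uint64_t n = 0; int rc = png_check_ihdr(s, sizeof s, &n);
    printf("rc=%d bytes=%llu\n", rc, (unsigned long long)n);
    return rc != 0;
}
```

Rejecting the header first means width and height never reach allocation or row-stride arithmetic unbounded.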